Personal details of more than 4,500 TalkTalk customers have been discovered online – despite TalkTalk denying they had been stolen.
The details, which were found as part of a BBC Watchdog investigation, are part of the 2015 data breach, when almost 157,000 TalkTalk customer details were stolen.
They include full names, addresses, email addresses, dates of birth, TalkTalk customer numbers, mobile numbers and bank details of thousands of customers.
This information is likely to have been online since the 2015 breach, without the knowledge of the people involved, according to Watchdog Live.
It was freely and easily available and did not have to be found by searching the "dark web". The BBC consumer show uncovered it using a simple Google search.
The 2015 breach left substantial amounts of sensitive personal information potentially exposed to fraudsters.
While all TalkTalk customers were advised about the risk of scam calls, thousands were reassured by the chief executive at the time that “none of your personal information or sensitive financial data was taken”.
Following Watchdog Live's investigation, TalkTalk has contacted the affected customers and made them aware their details were compromised back in 2015.
“A recent investigation has shown that 4,545 customers may have received the wrong notification regarding this incident," the company said in a statement.
"This was a genuine error and we have since written to all those impacted to apologise.
"99.9% of customers received the correct notification in 2015. On their own, none of the details accessed in the 2015 incident could lead to any direct financial loss.”
However, online security expert Scott Helme said that with the information Watchdog has found, a fraudster could sign up for services, set up direct debits and purchase goods on their victim's behalf.
He said a scammer could also pretend to be their bank with this information.
The 2015 attack saw the personal details of nearly 157,000 customers accessed, including the bank account number and sort code of over 15,000 customers.
The Information Commissioners Office (ICO) subsequent investigation found multiple failings in TalkTalk’s security processes.
The ICO issued a record fine of £400,000 to TalkTalk in 2016, as a reflection of "the seriousness of the event".
Watchdog presenter Steph McGovern spoke to a number of customers affected, none of whom were aware that their details had been compromised.
For the last two years Alan – whose name has been changed to protect his identity – has had his phone, email and his bank account bombarded by a series of fraudulent attacks.
Alan said he felt “extremely uncomfortable” after Watchdog Live showed him his bank account number, sort code and other personal information being so easily accessible online.
He added: “I think they've failed their customers on a gigantic scale.“
Watchdog Live also spoke to Maureen, who was shocked after finding out that her details were breached in 2015. At the time Maureen was told by TalkTalk that her details had not been stolen.
Maureen has been in touch with TalkTalk on multiple occasions, most recently in May of this year, to raise her concerns that her details had been compromised.
Source: Read Full Article